|Russian, Romanian and Latvian held for infecting a million PCs for online thefts
The United States charged three young East European men with running an international cyber theft ring that broke into a million computers, including at the space agency NASA.
The trio used a malicious computer code or malware, dubbed the Gozi Virus, to infiltrate computers across Europe, then America, causing “millions in losses by, among other things, stealing online banking credentials,’’ the federal prosecutor’s office said, AFP reports.
The alleged designer and “chief architect’’ of the virus, Russian national Nikita Kuzmin, was detained on US soil back in 2010 and pleaded guilty the following year, agreeing to cooperate with investigators. The 25-year-old's alleged partners were nabbed at the end of 2012.
Deniss Calovskis, known as ‘Miami,’ 27, was arrested in his native Latvia in November, and charged with writing some of the computer code in the Gozi Virus.
Mihai Ionut Paunescu, nicknamed ‘Virus,’ was charged with running a so-called “bulletproof hosting’’ service that enabled distribution of the Gozi and other viruses. Paunescu, 28, was arrested in his home country of Romania in December.
FBI Assistant Director-in-Charge George Venizelos said: “This long-term investigation uncovered an alleged international cybercrime ring whose far-reaching schemes infected at least one million computers worldwide and 40,000 in the US, and resulted in the theft or loss of tens of millions of dollars.''
Manhattan chief federal prosecutor Preet Bharara likened the alleged gang to the notorious American bank robber William ‘Willie’ Sutton. But, he added, “as we have seen with increasing frequency, cyber criminals' bank heists require neither a mask nor a gun, just a clever program and an internet connection.
“This case should serve as a wake-up call to banks and consumers alike, because cybercrime remains one of the greatest threats we face, and it is not going away any time soon.''
Prosecutors say the ultra sophisticated scam unfolded between 2005 and March 2012 and that the virus was “virtually undetectable in the computers it infected.’’ First, it was implanted in computers across Europe “on a vast scale,’’ then around 2010 it spread to the United States, the Calovskis indictment said.
In the United States, “more than 160 were computers belonging to the National Aeronautics and Space Administration,’’ the indictment said.
The FBI worked with Britain, Finland, Germany, the Netherlands, Latvia, Moldova, Romania and Switzerland over a two-and-a-half year period, seizing 51 servers in Romania alone, and 250 terabytes of information.
Paunescu operated what's known as a “bulletproof hosting’’ service that allows cyber criminals to operate beyond the reach of law enforcement, the indictment against him says.
The Romanian would rent thieves safe IP addresses and servers which were then used to spread malware, including the Gozi Virus, the Zeus Trojan and SpyeEye Trojan, the charges said.
Collectively, these viruses “have infected millions of computers around the world, targeted numerous banks in the United States and elsewhere, including at least one major United States bank headquartered in Manhattan,'' the indictment said.
Kuzmin, the indictment against him says, “hired a sophisticated computer programmer to write the virus' source code’’ for the Gozi, so that he could embark on large-scale theft.
“After months of work, [the unnamed programmer] completed work on the source code for the Gozi Virus and provided it to Kuzmin,’’ who in turn rented the virus out to other criminals, the indictment says.
These co-conspirators were enabled to tailor the Gozi Virus to their own goals, whether for stealing passwords or other data. Kuzmin allegedly called this business the ‘76 Service.’
Calovskis, the Latvian, was described as having used his expertise in computer programming to create ‘web injects,’ a code that alters how banking websites appear on infected computers, prompting victims into revealing more personal information, such as Social Security numbers.